Security in the Cloud | Amazon Web Services

•

1 like•429 views

This is a brief presentation illustrating some best practices around building sensitive workloads in the AWS Cloud as well as how AWS services can make information security rigor much more scalable.

©2017 Amazon Web Services, Inc. or its affiliates. All rights reserved
Security in the Cloud
Ray Chang
Solutions Architect, Amazon Web Services

• The need for information security hygiene is the same in and
out of the cloud
• The right cloud platform makes security more straightforward
and scalable
The Story in Summary

Government Agencies and Educational Institutions Use
AWS Worldwide
3

AWS Artifacts - Compliance reports
• Provides customers with an easier process to obtain AWS
compliance reports (SOC, PCI, ISO) with self-service, on-demand
access via the console
AWS Artifact

AWS Foundation Services
Compute Storage Database Networking
AWS Global
Infrastructure
Regions
Availability
Zones Edge
Locations
Client-side Data
Encryption
Server-side Data
Encryption
Network Traffic
Protection
Platform, Applications, Identity & Access Management
Operating System, Network, & Firewall Configuration
Customer applications & content
Customers
Security & compliance is a shared responsibility
Customers have
their choice of
security
configurations IN
the Cloud
AWS is
responsible for
the security OF
the Cloud

Continuous ChangeRecordingChanging
Resources
AWS Config Rules
History
Stream
Snapshot (ex. 2014-11-05)
AWS Config

Data Protection In-Transit and At-Rest
Encryption In-Transit
SSL/TLS
VPN / IPSEC
SSH
Encryption At-Rest
Object
Database
Filesystem
Disk

Web Layer
Application Layer
Database Layer
Only 80 and 443 open
to Internet
Open access only to Web
Layer and ssh open to
management bastion
By default, all ports are
closed
Amazon EC2
Security Group
Firewall
Multi-tier architecture using Security Groups

Security Groups = stateful firewall
In English: Hosts in this group are reachable
from the Internet on port 80 (HTTP)

Network ACLs = Stateless Firewall Rules
English translation: Allow all traffic in
Can be applied on a subnet basis

Secure connection with VPN / Direct Connect
Your Data Center
Project A
Deployed
Virtual Private
Cloud (VPC)
Direct Connect

VPC Flow Logs – See all your traffic
• Agentless
• Enable per ENI, per subnet, or per VPC
• Logged to AWS CloudWatch Logs
• Create CloudWatch metrics from log data
• Alarm on those metrics
AWS
account
Source IP
Destination IP
Source port
Destination port
Interface Protocol Packets
Bytes Start/end time
Accept
or reject

AWS CLOUDTRAIL – “Cloud” usage logging
You are making
API calls...
On a growing set of
services around the
world…
AWS CloudTrail
is continuously
recording API
calls…
And delivering
log files to you

CloudWatch Logs – Centralization of logs
CloudWatch Logs provides a centralized service to
absorb, store, analyze, and take action on a variety
of log sources.
• Operating system logs
• Webserver logs
• Application logs
Use cases
• Centralized log store
• Prevent log modification on instances
• Notifications on events

“Based on our experience, I believe that we can be even more secure in the AWS
cloud than in our own datacenters.” - Tom Soderstrom, CTO, NASA JPL
“And of course, security is critical for us. The financial services industry attracts
some of the worst cyber criminals. So we worked closely with the AWS team to
develop a security model which, we believe, allows us to operate more securely
in the public cloud than we can even in our own datacenters.” – Rob Alexander,
CIO, Capital One
“From a physical and logical security standpoint, I believe that, if done right,
public cloud computing is as or more secure than self-hosting.” – Steve
Randich, EVP and CIO, Financial Industry Regulatory Authority, USA
Improving your security with AWS…

Ray Chang
Solutions Architect, Amazon Web Services

What's hot

Security, Risk, Compliance & Controls

Amazon Web Services

Shared Responsibility In Action

Mark Nunnikhoven

How to protect your IoT data on AWS

Lahav Savir

The AWS Shared Responsibility Model in Practice

Alert Logic

In this session we will walk through practical examples of how Amazon Web Services customers operate heavily regulated workloads and mission critical applications in the cloud. Through real world customer examples we will apply security and governance controls which will provide you with increased visibility and control of your application and infrastructure for these workloads. You will learn how Enterprise secure and enable audit controls on their heavily regulated workloads in an Amazon Web Services Account. At the same time, extend your datacenter and control mechanisms to Amazon Web Services.

Mission Critical Applications Workloads on Amazon Web Services

Amazon Web Services

The AWS Shared Responsibility Model in Practice - Nirav Kothari, AWS

Alert Logic

Connecting the Unconnected using AWS IoT - AWS Summit Tel Aviv 2017

Amazon Web Services

IoT at the Edge: Greengrass and More!

Amazon Web Services

Securing enterprise big data workloads on AWS

Amazon Web Services

AWS is hosting the first FSI Cloud Symposium in Hong Kong, which will take place on Thursday, March 23, 2017 at Grand Hyatt Hotel. The event will bring together FSI customers, industry professional and AWS experts, to explore how to turn the dream of transformation, innovation and acceleration into reality by exploiting Cloud, Voice to Text and IoT technologies. The packed agenda includes expert sessions on a host of pressing issues, such as security and compliance, as well as customer experience sharing on how cloud computing is benefiting the industry. Speaker: Iolaire Mckinnon, Senior Consultant - Security, Risk & Compliance, Professional Services, AWS

Improving Security Agility using DevSecOps

Amazon Web Services

The demands regarding websites are rising drastically. Modern websites are becoming applications, integrating content and functions. Infopark Cloud Express is a PaaS offering for running WebCMS- and CRM-backed Web-Sites. It allowes Ruby on Rails Developers to create application-driven, scalable personalized Web-Sites without worrying about infrastructure.If you are building Web-Sites using Ruby on Rails on AWS, this talk is for you. Speaker:Thomas Witt, Director Product & Business Development, Infopark AG.

AWS Summit Berlin 2013 - Next-Generation Websites on Demand – with Infopark C...

AWS Germany

La seguridad en la nube de AWS es la mayor prioridad. Como cliente de AWS, se beneficiará de una arquitectura de red y un centro de datos diseñados para satisfacer los requisitos de seguridad de las organizaciones más exigentes. Una ventaja de la nube de AWS es que permite a los clientes escalar e innovar al mismo tiempo que garantizan la seguridad del entorno. Los clientes solo pagan por los servicios que usan, es decir, que puede gozar de la seguridad que necesite sin tener que realizar pagos iniciales y a un costo inferior que el de un entorno on-premise. https://aws.amazon.com/es/security/

AWS - Security & Compliance

Amazon Web Services LATAM

Security in the Cloud - AWS Symposium 2014 - Washington D.C.

Amazon Web Services

1. aws security and compliance wwps pre-day sao paolo - markry

Amazon Web Services LATAM

Taking Security Responsibility in the AWS Cloud

Franklin Mosley

AWS provides all sorts of security features and capabilities, and these features generate tons of data to be sifted and analyzed. In this session, hear what we are doing to support ingestion, processing, and storage of data at scale to support our Security Science and DevSecOps programs. We've had a lot of experience understanding what is and is not possible for crunching security data using big data environments. In fact, we've discovered it's much easier to develop the tools and processes necessary to support applications than you might think.

(SEC326) Security Science Using Big Data

Amazon Web Services

AWS is hosting the first FSI Cloud Symposium in Hong Kong, which will take place on Thursday, March 23, 2017 at Grand Hyatt Hotel. The event will bring together FSI customers, industry professional and AWS experts, to explore how to turn the dream of transformation, innovation and acceleration into reality by exploiting Cloud, Voice to Text and IoT technologies. The packed agenda includes expert sessions on a host of pressing issues, such as security and compliance, as well as customer experience sharing on how cloud computing is benefiting the industry. Speaker: Brian Wagner, Security Consultant, Professional Services, AWS

Using AWS Organizations to Ensure Compliance in Your Cloud

Amazon Web Services

Enterprises are turning to AWS to enable innovation and retire technical debt. Cloudreach are delighted to share their extensive experience and knowledge of the Enterprise’s adoption to achieve these principal aims. The aim of the session is to set out how Cloudreach ensures successful Cloud Adoption, covering technical, change management and organizational aspects to create the path towards enabling innovation. Session sponsored by Cloudreach.

Successful Cloud Adoption for the Enterprise. Not If. When.

Amazon Web Services

Compliance In The Cloud Using Security By Design

Amazon Web Services

The AWS Shared Security Responsibility Model in Practice

Alert Logic

What's hot (20)

Security, Risk, Compliance & Controls

Shared Responsibility In Action

How to protect your IoT data on AWS

The AWS Shared Responsibility Model in Practice

Mission Critical Applications Workloads on Amazon Web Services

The AWS Shared Responsibility Model in Practice - Nirav Kothari, AWS

Connecting the Unconnected using AWS IoT - AWS Summit Tel Aviv 2017

IoT at the Edge: Greengrass and More!

Securing enterprise big data workloads on AWS

Improving Security Agility using DevSecOps

AWS Summit Berlin 2013 - Next-Generation Websites on Demand – with Infopark C...

AWS - Security & Compliance

Security in the Cloud - AWS Symposium 2014 - Washington D.C.

1. aws security and compliance wwps pre-day sao paolo - markry

Taking Security Responsibility in the AWS Cloud

(SEC326) Security Science Using Big Data

Using AWS Organizations to Ensure Compliance in Your Cloud

Successful Cloud Adoption for the Enterprise. Not If. When.

Compliance In The Cloud Using Security By Design

The AWS Shared Security Responsibility Model in Practice

Similar to Security in the Cloud | Amazon Web Services

Security & Compliance in AWS

Amazon Web Services

AWS Innovate Ottawa: Security & Compliance

Amazon Web Services

AWS and its partners offer a wide range of tools and features to help you to meet your security objectives. These tools mirror the familiar controls you deploy within your on-premises environments. AWS provides security-specific tools and features across network security, configuration management, access control and data security. In addition, AWS provides monitoring and logging tools to can provide full visibility into what is happening in your environment. In this session, you will get introduced to the range of security tools and features that AWS offers, and the latest security innovations coming from AWS.

Intro & Security Update

Amazon Web Services

Toward Full Stack Security

Amazon Web Services

Security must be the number one priority for any cloud provider and that's no different for AWS. Stephen Schmidt, vice president and chief information officer for AWS, will share his insights into cloud security and how AWS meets the needs of today's IT security challenges. Stephen, with his background with the FBI and his work with AWS customers in the government and space exploration, research, and financial services organizations, shares an industry perspective that's unique and invaluable for today's IT decision makers. At the conclusion of this session, Stephen also provides a brief summary of the other sessions available to you in the security track.

AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013

Amazon Web Services

Security & Compliance

Amazon Web Services

The AWS Shared Responsibility Model in Practice

Alert Logic

Modernizing Technology Governance

Alert Logic

Getting Started With AWS Security

Amazon Web Services

How can you architect your applications for regulatory and organisational compliance? How can you automate security, auditability, and governance controls using best practice? In this session, Accenture draws from real-world examples to showcase how the cloud can strengthen your security and compliance posture, while ensuring maximum agility – articulated through the lifecycle of an application moving to the cloud. Speaker: Chris Fleischmann, Managing Director, Journey To Cloud, Accenture Level: 200

Accelerating cloud adoption for your regulated workloads - AWS PS Summit Canb...

Amazon Web Services

Preparing data for analysis and insights is the foundation of any data-driven exercise. Moving workloads to a PaaS, be it data engineering, analytic database, or data science requires a two step leap of faith - in trusting the public cloud, and then your PaaS vendor. In this webinar we will discuss the architecture of a PaaS solution for data management and understand the nitty gritty details of what exactly this involves with the following: An exploration of the architecture of Cloudera Altus PaaS - the industry’s first multi-function, multi-cloud data and analytic platform-as-a-service A dive into use cases and a demo of Altus The synergy between AWS and Altus to help you securely standardize on a combination of public cloud and data management 3 things to learn: An exploration of the architecture of Cloudera Altus PaaS - the industry’s first multi-function, multi-cloud data and analytic platform-as-a-service A dive into use cases and a demo of Altus The synergy between AWS and Altus to help you securely standardize on a combination of public cloud and data management

PaaS or Fail: Rule the Cloud with Altus

Cloudera, Inc.

The AWS Shared Responsibility Model in Practice

Alert Logic

Security and Compliance Better on AWS_John Hildebrandt

Helen Rogers

PaaS or Fail: Rule the Cloud with Altus

Cloudera, Inc.

Simplify & Standardise your migration to AWS with a Migration Landing Zone

Amazon Web Services

Getting Started with AWS Security

Amazon Web Services

선도 금융사들의 aws security 활용 방안 소개 :: Eugene Yu :: AWS Finance...

Amazon Web Services Korea

AWS Security for Financial Services

Amazon Web Services

IT teams in K12 wear many hats. From helping with technology in the classroom to managing district wide operations, it’s a balancing act every day. Join this webinar on Thursday, June 29 and learn how the cloud enables district IT teams be as agile and flexible as the students they serve, even during unexpected emergencies. The cloud offers numerous benefits including lower costs, faster experimentation, pay-as-you-go usage, and no physical infrastructure to manage. You’ll learn: • What is the cloud and why it matters to K12 • Best practices to ensure smooth system operations during peak registration, graduation, and testing periods • How to prepare for inevitable emergencies with long-term record storage in redundant cloud environments • How one district has saved up to 50% on IT costs over five years, helping them focus on teaching and learning • How to build redundancy into your school’s IT plan, allowing you to access records at any time

The Tightrope for K12 IT

Amazon Web Services

You automated your deployment, elasticized your workloads, and dynamically provisioned your fleet. What do you do next? Tackle automating your security needs using the latest capabilities in the cloud! There’s no single path to building an automated and continuous security architecture that works for every organization, but certain key principles and techniques are used by the early adopter cloud elite that give them distinct advantages. It's time to re-think your organization’s processes and behaviors to demonstrate the latest efficiencies in your security operations. In this webinar, learn how Intuit implements cloud security automation with Evident.io and other innovative cloud technologies. This slide deck covers: - How security will be integrated into the overall processes of development and deployment. - How to tie security acceptance tests, a subset of your key security controls, right into the end of your functional testing process to promote builds with confidence at greater speed. - How to be successful with API-enabled, continuous security tools in the cloud. - How to operationalize security alarms, enabling world-class incident response and remediation capabilities.

Automating your AWS Security Operations

Evident.io

Similar to Security in the Cloud | Amazon Web Services (20)

Security & Compliance in AWS

AWS Innovate Ottawa: Security & Compliance

Intro & Security Update

Toward Full Stack Security

AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013

Security & Compliance

The AWS Shared Responsibility Model in Practice

Modernizing Technology Governance

Getting Started With AWS Security

Accelerating cloud adoption for your regulated workloads - AWS PS Summit Canb...

PaaS or Fail: Rule the Cloud with Altus

The AWS Shared Responsibility Model in Practice

Security and Compliance Better on AWS_John Hildebrandt

PaaS or Fail: Rule the Cloud with Altus

Simplify & Standardise your migration to AWS with a Migration Landing Zone

Getting Started with AWS Security

선도 금융사들의 aws security 활용 방안 소개 :: Eugene Yu :: AWS Finance...

AWS Security for Financial Services

The Tightrope for K12 IT

Automating your AWS Security Operations

More from Amazon Web Services

Il Forecasting è un processo importante per tantissime aziende e viene utilizzato in vari ambiti per cercare di prevedere in modo accurato la crescita e distribuzione di un prodotto, l’utilizzo delle risorse necessarie nelle linee produttive, presentazioni finanziarie e tanto altro. Amazon utilizza delle tecniche avanzate di forecasting, in parte questi servizi sono stati messi a disposizione di tutti i clienti AWS. In questa sessione illustreremo come pre-processare i dati che contengono una componente temporale e successivamente utilizzare un algoritmo che a partire dal tipo di dato analizzato produce un forecasting accurato.

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...

Amazon Web Services

La varietà e la quantità di dati che si crea ogni giorno accelera sempre più velocemente e rappresenta una opportunità irripetibile per innovare e creare nuove startup. Tuttavia gestire grandi quantità di dati può apparire complesso: creare cluster Big Data su larga scala sembra essere un investimento accessibile solo ad aziende consolidate. Ma l’elasticità del Cloud e, in particolare, i servizi Serverless ci permettono di rompere questi limiti. Vediamo quindi come è possibile sviluppare applicazioni Big Data rapidamente, senza preoccuparci dell’infrastruttura, ma dedicando tutte le risorse allo sviluppo delle nostre le nostre idee per creare prodotti innovativi.

Big Data per le Startup: come creare applicazioni Big Data in modalità Server...

Amazon Web Services

Ora puoi utilizzare Amazon Elastic Kubernetes Service (EKS) per eseguire pod Kubernetes su AWS Fargate, il motore di elaborazione serverless creato per container su AWS. Questo rende più semplice che mai costruire ed eseguire le tue applicazioni Kubernetes nel cloud AWS.In questa sessione presenteremo le caratteristiche principali del servizio e come distribuire la tua applicazione in pochi passaggi

Esegui pod serverless con Amazon EKS e AWS Fargate

Amazon Web Services

Vent'anni fa Amazon ha attraversato una trasformazione radicale con l'obiettivo di aumentare il ritmo dell'innovazione. In questo periodo abbiamo imparato come cambiare il nostro approccio allo sviluppo delle applicazioni ci ha permesso di aumentare notevolmente l'agilità, la velocità di rilascio e, in definitiva, ci ha consentito di creare applicazioni più affidabili e scalabili. In questa sessione illustreremo come definiamo le applicazioni moderne e come la creazione di app moderne influisce non solo sull'architettura dell'applicazione, ma sulla struttura organizzativa, sulle pipeline di rilascio dello sviluppo e persino sul modello operativo. Descriveremo anche approcci comuni alla modernizzazione, compreso l'approccio utilizzato dalla stessa Amazon.com.

Costruire Applicazioni Moderne con AWS

Amazon Web Services

L’utilizzo dei container è in continua crescita. Se correttamente disegnate, le applicazioni basate su Container sono molto spesso stateless e flessibili. I servizi AWS ECS, EKS e Kubernetes su EC2 possono sfruttare le istanze Spot, portando ad un risparmio medio del 70% rispetto alle istanze On Demand. In questa sessione scopriremo insieme quali sono le caratteristiche delle istanze Spot e come possono essere utilizzate facilmente su AWS. Impareremo inoltre come Spreaker sfrutta le istanze spot per eseguire applicazioni di diverso tipo, in produzione, ad una frazione del costo on-demand!

Come spendere fino al 90% in meno con i container e le istanze spot

Amazon Web Services

In recent months, many customers have been asking us the question – how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to Open Finance marketplace presentation on October 20th. Event Agenda : Open banking so far (short recap) • PSD2, OB UK, OB Australia, OB LATAM, OB Israel Intro to Open Finance marketplace • Scope • Features • Tech overview and Demo The role of the Cloud The Future of APIs • Complying with regulation • Monetizing data / APIs • Business models • Time to market One platform for all: a Strategic approach Q&A

Open banking as a service

Amazon Web Services

Per creare valore e costruire una propria offerta differenziante e riconoscibile, le startup di successo sanno come combinare tecnologie consolidate con componenti innovativi creati ad hoc. AWS fornisce servizi pronti all'utilizzo e, allo stesso tempo, permette di personalizzare e creare gli elementi differenzianti della propria offerta. Concentrandoci sulle tecnologie di Machine Learning, vedremo come selezionare i servizi di intelligenza artificiale offerti da AWS e, anche attraverso una demo, come costruire modelli di Machine Learning personalizzati utilizzando SageMaker Studio.

Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...

Amazon Web Services

Con l'approccio tradizionale al mondo IT per molti anni è stato difficile implementare tecniche di DevOps, che finora spesso hanno previsto attività manuali portando di tanto in tanto a dei downtime degli applicativi interrompendo l'operatività dell'utente. Con l'avvento del cloud, le tecniche di DevOps sono ormai a portata di tutti a basso costo per qualsiasi genere di workload, garantendo maggiore affidabilità del sistema e risultando in dei significativi miglioramenti della business continuity. AWS mette a disposizione AWS OpsWork come strumento di Configuration Management che mira ad automatizzare e semplificare la gestione e i deployment delle istanze EC2 per mezzo di workload Chef e Puppet. Scopri come sfruttare AWS OpsWork a garanzia e affidabilità del tuo applicativo installato su Instanze EC2.

OpsWorks Configuration Management: automatizza la gestione e i deployment del...

Amazon Web Services

Vuoi conoscere le opzioni per eseguire Microsoft Active Directory su AWS? Quando si spostano carichi di lavoro Microsoft in AWS, è importante considerare come distribuire Microsoft Active Directory per supportare la gestione, l'autenticazione e l'autorizzazione dei criteri di gruppo. In questa sessione, discuteremo le opzioni per la distribuzione di Microsoft Active Directory su AWS, incluso AWS Directory Service per Microsoft Active Directory e la distribuzione di Active Directory su Windows su Amazon Elastic Compute Cloud (Amazon EC2). Trattiamo argomenti quali l'integrazione del tuo ambiente Microsoft Active Directory locale nel cloud e l'utilizzo di applicazioni SaaS, come Office 365, con AWS Single Sign-On.

Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads

Amazon Web Services

Computer Vision con AWS

Amazon Web Services

Amazon Web Services e VMware organizzano un evento virtuale gratuito il prossimo mercoledì 14 Ottobre dalle 12:00 alle 13:00 dedicato a VMware Cloud ™ on AWS, il servizio on demand che consente di eseguire applicazioni in ambienti cloud basati su VMware vSphere® e di accedere ad una vasta gamma di servizi AWS, sfruttando a pieno le potenzialità del cloud AWS e tutelando gli investimenti VMware esistenti. Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi. La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.

Database Oracle e VMware Cloud on AWS i miti da sfatare

Amazon Web Services

Molte aziende oggi, costruiscono applicazioni con funzionalità di tipo ledger ad esempio per verificare lo storico di accrediti o addebiti nelle transazioni bancarie o ancora per tenere traccia del flusso supply chain dei propri prodotti. Alla base di queste soluzioni ci sono i database ledger che permettono di avere un log delle transazioni trasparente, immutabile e crittograficamente verificabile, ma sono strumenti complessi e onerosi da gestire. Amazon QLDB elimina la necessità di costruire sistemi personalizzati e complessi fornendo un database ledger serverless completamente gestito. In questa sessione scopriremo come realizzare un'applicazione serverless completa che utilizzi le funzionalità di QLDB.

Crea la tua prima serverless ledger-based app con QLDB e NodeJS

Amazon Web Services

Con l’ascesa delle architetture di microservizi e delle ricche applicazioni mobili e Web, le API sono più importanti che mai per offrire agli utenti finali una user experience eccezionale. In questa sessione impareremo come affrontare le moderne sfide di progettazione delle API con GraphQL, un linguaggio di query API open source utilizzato da Facebook, Amazon e altro e come utilizzare AWS AppSync, un servizio GraphQL serverless gestito su AWS. Approfondiremo diversi scenari, comprendendo come AppSync può aiutare a risolvere questi casi d’uso creando API moderne con funzionalità di aggiornamento dati in tempo reale e offline. Inoltre, impareremo come Sky Italia utilizza AWS AppSync per fornire aggiornamenti sportivi in tempo reale agli utenti del proprio portale web.

API moderne real-time per applicazioni mobili e web

Amazon Web Services

Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi. La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali. In queste slide, gli esperti AWS e VMware presentano semplici e pratici accorgimenti per facilitare e semplificare la migrazione dei carichi di lavoro Oracle accelerando la trasformazione verso il cloud, approfondiranno l’architettura e dimostreranno come sfruttare a pieno le potenzialità di VMware Cloud ™ on AWS.

Database Oracle e VMware Cloud™ on AWS: i miti da sfatare

Amazon Web Services

Tools for building your MVP on AWS

Amazon Web Services

How to Build a Winning Pitch Deck

Amazon Web Services

Building a web application without servers

Amazon Web Services

Fundraising Essentials

Amazon Web Services

AWS_HK_StartupDay_Building Interactive websites while automating for efficien...

Amazon Web Services

Amazon Elastic Container Service (Amazon ECS) è un servizio di gestione dei container altamente scalabile, che semplifica la gestione dei contenitori Docker attraverso un layer di orchestrazione per il controllo del deployment e del relativo lifecycle. In questa sessione presenteremo le principali caratteristiche del servizio, le architetture di riferimento per i differenti carichi di lavoro e i semplici passi necessari per poter velocemente migrare uno o più dei tuo container.

Introduzione a Amazon Elastic Container Service

Amazon Web Services

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...

Big Data per le Startup: come creare applicazioni Big Data in modalità Server...

Esegui pod serverless con Amazon EKS e AWS Fargate

Costruire Applicazioni Moderne con AWS

Come spendere fino al 90% in meno con i container e le istanze spot

Open banking as a service

Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...

OpsWorks Configuration Management: automatizza la gestione e i deployment del...

Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads

Computer Vision con AWS

Database Oracle e VMware Cloud on AWS i miti da sfatare

Crea la tua prima serverless ledger-based app con QLDB e NodeJS

API moderne real-time per applicazioni mobili e web

Database Oracle e VMware Cloud™ on AWS: i miti da sfatare

Tools for building your MVP on AWS

How to Build a Winning Pitch Deck

Building a web application without servers

Fundraising Essentials

AWS_HK_StartupDay_Building Interactive websites while automating for efficien...

Introduzione a Amazon Elastic Container Service

Security in the Cloud | Amazon Web Services

2. • The need for information security hygiene is the same in and out of the cloud • The right cloud platform makes security more straightforward and scalable The Story in Summary

3. Government Agencies and Educational Institutions Use AWS Worldwide 3

4. Assurance programs

5. AWS Artifacts - Compliance reports • Provides customers with an easier process to obtain AWS compliance reports (SOC, PCI, ISO) with self-service, on-demand access via the console AWS Artifact

6. AWS Foundation Services Compute Storage Database Networking AWS Global Infrastructure Regions Availability Zones Edge Locations Client-side Data Encryption Server-side Data Encryption Network Traffic Protection Platform, Applications, Identity & Access Management Operating System, Network, & Firewall Configuration Customer applications & content Customers Security & compliance is a shared responsibility Customers have their choice of security configurations IN the Cloud AWS is responsible for the security OF the Cloud

7. Control and Visibility

10. Continuous ChangeRecordingChanging Resources AWS Config Rules History Stream Snapshot (ex. 2014-11-05) AWS Config

11. Data Privacy and Encryption

12. Data Protection In-Transit and At-Rest Encryption In-Transit SSL/TLS VPN / IPSEC SSH Encryption At-Rest Object Database Filesystem Disk

13. Network Security

14. Web Layer Application Layer Database Layer Only 80 and 443 open to Internet Open access only to Web Layer and ssh open to management bastion By default, all ports are closed Amazon EC2 Security Group Firewall Multi-tier architecture using Security Groups

15. Security Groups = stateful firewall In English: Hosts in this group are reachable from the Internet on port 80 (HTTP)

16. Network ACLs = Stateless Firewall Rules English translation: Allow all traffic in Can be applied on a subnet basis

17. Secure connection with VPN / Direct Connect Your Data Center Project A Deployed Virtual Private Cloud (VPC) Direct Connect

18. Logging and Auditing

19. VPC Flow Logs – See all your traffic • Agentless • Enable per ENI, per subnet, or per VPC • Logged to AWS CloudWatch Logs • Create CloudWatch metrics from log data • Alarm on those metrics AWS account Source IP Destination IP Source port Destination port Interface Protocol Packets Bytes Start/end time Accept or reject

20. VPC Flow Logs – See all your traffic

21. AWS CLOUDTRAIL – “Cloud” usage logging You are making API calls... On a growing set of services around the world… AWS CloudTrail is continuously recording API calls… And delivering log files to you

22. CloudWatch Logs – Centralization of logs CloudWatch Logs provides a centralized service to absorb, store, analyze, and take action on a variety of log sources. • Operating system logs • Webserver logs • Application logs Use cases • Centralized log store • Prevent log modification on instances • Notifications on events

23. “Based on our experience, I believe that we can be even more secure in the AWS cloud than in our own datacenters.” - Tom Soderstrom, CTO, NASA JPL “And of course, security is critical for us. The financial services industry attracts some of the worst cyber criminals. So we worked closely with the AWS team to develop a security model which, we believe, allows us to operate more securely in the public cloud than we can even in our own datacenters.” – Rob Alexander, CIO, Capital One “From a physical and logical security standpoint, I believe that, if done right, public cloud computing is as or more secure than self-hosting.” – Steve Randich, EVP and CIO, Financial Industry Regulatory Authority, USA Improving your security with AWS…

24. Ray Chang Solutions Architect, Amazon Web Services

Security in the Cloud | Amazon Web Services

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Security in the Cloud | Amazon Web Services

Similar to Security in the Cloud | Amazon Web Services (20)

More from Amazon Web Services

More from Amazon Web Services (20)

Security in the Cloud | Amazon Web Services